interbusiness.it is actually Telecom Italia, that domain is used for
almost all customers reverse DNS including Dial-Up (not sure), ADSL,
E1 lines, even if customers have their own dns for domain resolution.
I.E:
www.example.it resolves in86.111.222.333
86.111.222.333resolves in
Hi Goran,
The keyword Date: Date: appears twice.
Best Regards
Mike Higgins
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at
Hi John,
What is my best bet - jack up
the score a number of points for any mail coming from 86 87? Many of the
messages hardly trip any of the regular tests.
Wouldn't hurt - use blackholes.us and maybe score 40% of your hold
weight? I would say though blocking a /8 is not a good idea.
Thanks, will look at blackholes.us.
My real problem is time. I've written a program and spreadsheet that
extracts the domains and IP's of delivered messages and shows the unique
IP's and how many messages came from them. But when I spend time
cross-checking with SenderBase and ARIN, I can
2 other tactics against these:
1. Spamdomain test. A verizon.com from address is unlikely to come from a
wanadoo.fr reverse dns.
Spamdomains will have some false positive consequences...
2. Reverse DNS Filters. I'd consider a reverse dns with a cable or -dsl-
in it to be suspicious and
Were getting
the same. Also using Declude with smartermail. Because Declude doesnt
appear to be scanning the headers there is no way for us to stop them.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin
Sent: Tuesday, February 28, 2006
12:38 AM
Title: Message
The problem that we've seen this
"spammer" is that the image is corrupted as you mentioned... and Declude is
exiting; thus why it's being allowed to be delivered. "Smart" coding on the
spammer... Not so smart on Declude.
-Erik
-Original Message-From:
[EMAIL
Title: Message
Would you be willing to post the full contents of one of the D* files
and also indicate the version that you are running. This is for my own
interest, but I think it might be beneficial to others. It would also
be useful to see what was logged for this message. It may be that it
Title: Message
Judgement is quick to pass for some around
here.
These are getting caught by my system
X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4],
HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand inTown Internet Computer Services 519-741-1222
From: [EMAIL PROTECTED]
Title: Message
Ditto.
I've received and held 24 messages with the same
title. Re-queuing 3 of these to myself, they had an image that was
intact.
They fail the usual RBL tests plus Message
Sniffer.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harry
Title: Message
Yes,
they are passing SNIFFER and Darrell's INV-URIBL at this time. But what
Evans wrote is true. Either this "spammer" has corrected "his" image.. the
fact remains that in the past when it was a corrupted; Declude failed in our
version.
-Original Message-From:
I received a couple with the broken gif as late as yesterday. The Declude
headers end up at the bottom of the message, but they are there. I'm running
Declude 3.0.5.26 and SmarterMail 2.6.
Gary
Original Message
From: Erik [EMAIL PROTECTED]
Sent: Tuesday, February 28,
Title: Message
Erik,
I don't doubt the possibility of a bug causing the scanning of such a
message to fail, but there is a possibility of this also just simply
being a spam that passed, and a failure to insert the headers in the
correct place. It would be great if you guys could supply the
Title: Message
Interesting. As Matt, said, if you can get an
original D*.SMD that would be great for following this
trail.
I would note that in addition, use the headers that were
received to track the sending IP and time, and check your IMail log, and from
there you will have the GUID for
Title: Message
We had an issue with
Declude corrupting images from SmarterStats long ago. It turned
out the SmarterStats wasnt inserting line breaks in their images, and
thus single lines were going out past 8,000 characters, at which point Declude
truncated the line. I wouldnt be
Gary, you should upgrade to 3.0.6, which has been out for about a week now,
as 3.0.5.26 had serious problems with handling certain kinds of mime
encapsulate messages. We actually had to roll back to 3.0.5.23 after
reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this
issue.
Title: Message
There is also a longstanding bug in at least Declude Virus that has
issues with very long base64 encoding. I have seen no reports that
this was fixed. I am wondering in this case whether or not the bug is
now being exploited by spammers also.
Matt
Jay Sudowski - Handy
Title: Message
Are you utilizing
smartermail as your mail server?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand
Sent: Tuesday, February 28, 2006
12:10 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail]
Damaged Image Files
I haven't received notification of 3.06. Did others receive a notice that
it was available?
Rob
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
They kept that one quiet. I wasn't aware of any problems with 3.0.5.26, and
this is the first mention I've seen of 3.0.6, on this list or anywhere else.
I guess I need to check Declude's upgrade section on a daily basis to see when
they've snuck out a new release, since this information isn't
In looking through my DNS tests I see only the following two to be
obviously checks on the DUL space
NJABL-DUL
SORBS-DUHL
Are there other DNS tests that would also indicate that it came from the
DUL space?
Thanx
Goran Jovanovic
Omega Network Solutions
---
This E-mail came from the
Only after I submitted an issue to Tech Support. No release notes for it
either...
I am running it.
- Original Message -
From: Robert Grosshandler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, February 28, 2006 4:14 PM
Subject: [Declude.JunkMail] 3.06
I haven't
Here's what I use to target DUL space:
SORBS-DUHL IP4R dnsbl.sorbs.net 127.0.0.10 0 0
NJABL-DYNABLOCK IP4R dynablock.njabl.org 127.0.0.3 0 0
NJABL-DUL IP4R dnsbl.njabl.org 127.0.0.3 0 0
MAILPOLICE-HELO dnsbl %HELO%.dynamic.rhs.mailpolice.com 127.0.0.2 0 0
MAILPOLICE-REVDNS dnsbl
I downloaded it from the Declude site last week and it's running just fine.
Wolf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
Sent: Tuesday, February 28, 2006 5:14 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail]
Starting to catch EXE attached messages with following subject lines coming (at
least currently) MESWILLEY.org [68.63.231.44].
You steal from innocent people
You are a criminal and will be busted!
Phshing is illigal
Where did you learn to scam?
John C
9:15p CST
---
This E-mail
Hi, John-
Thanks.
The address belongs to Comcast and is assigned to Hattiesburg-Laurel, MS.
Please send a complaint to [EMAIL PROTECTED]
-d
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, February 28, 2006 10:17 PM
Subject:
I got this one:
htmlbody
Hi!br brJust to inform you that your email is used by a spamer who
intendsbrto steal bank account information thru a fake site.br brIf
you are not involded, I can bring you additionnal information. Check
attached file for a proof.br brIf you are, you're a little
27 matches
Mail list logo